diff --git a/flake.lock b/flake.lock index 3ceae14..bd391f2 100644 --- a/flake.lock +++ b/flake.lock @@ -61,6 +61,26 @@ "type": "github" } }, + "deploy-rs": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs": "nixpkgs", + "utils": "utils" + }, + "locked": { + "lastModified": 1766051518, + "narHash": "sha256-znKOwPXQnt3o7lDb3hdf19oDo0BLP4MfBOYiWkEHoik=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "d5eff7f948535b9c723d60cd8239f8f11ddc90fa", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "deploy-rs", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ @@ -82,6 +102,22 @@ } }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1761588595, @@ -173,11 +209,11 @@ ] }, "locked": { - "lastModified": 1767702900, - "narHash": "sha256-xMzHmNytl7JgFRov2jHf2GYsLVp/sAfYO0JvbZt0uDo=", + "lastModified": 1768068402, + "narHash": "sha256-bAXnnJZKJiF7Xr6eNW6+PhBf1lg2P1aFUO9+xgWkXfA=", "owner": "nix-community", "repo": "home-manager", - "rev": "38e187fd2f9efac197e03be0c25f3ee215974144", + "rev": "8bc5473b6bc2b6e1529a9c4040411e1199c43b4c", "type": "github" }, "original": { @@ -211,9 +247,9 @@ "mailserver": { "inputs": { "blobs": "blobs", - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "git-hooks": "git-hooks", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1766321686, @@ -247,11 +283,11 @@ }, "nix-flatpak": { "locked": { - "lastModified": 1739444422, - "narHash": "sha256-iAVVHi7X3kWORftY+LVbRiStRnQEob2TULWyjMS6dWg=", + "lastModified": 1767983141, + "narHash": "sha256-7ZCulYUD9RmJIDULTRkGLSW1faMpDlPKcbWJLYHoXcs=", "owner": "gmodena", "repo": "nix-flatpak", - "rev": "5e54c3ca05a7c7d968ae1ddeabe01d2a9bc1e177", + "rev": "440818969ac2cbd77bfe025e884d0aa528991374", "type": "github" }, "original": { @@ -278,6 +314,54 @@ } }, "nixpkgs": { + "locked": { + "lastModified": 1743014863, + "narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "bd3bac8bfb542dbde7ffffb6987a1a1f9d41699f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1767313136, + "narHash": "sha256-16KkgfdYqjaeRGBaYsNrhPRRENs0qzkQVUooNHtoy2w=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ac62194c3917d5f474c1a844b6fd6da2db95077d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1768127708, + "narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { "locked": { "lastModified": 1764374374, "narHash": "sha256-naS7hg/D1yLKSZoENx9gvsPLFiNEOTcqamJSu0OEvCA=", @@ -293,55 +377,23 @@ "type": "github" } }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1767051569, - "narHash": "sha256-0MnuWoN+n1UYaGBIpqpPs9I9ZHW4kynits4mrnh1Pk4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "40ee5e1944bebdd128f9fbada44faefddfde29bd", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-25.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1767379071, - "narHash": "sha256-EgE0pxsrW9jp9YFMkHL9JMXxcqi/OoumPJYwf+Okucw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "fb7944c166a3b630f177938e478f0378e64ce108", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1767379071, - "narHash": "sha256-EgE0pxsrW9jp9YFMkHL9JMXxcqi/OoumPJYwf+Okucw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "fb7944c166a3b630f177938e478f0378e64ce108", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_3": { + "locked": { + "lastModified": 1768127708, + "narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { "locked": { "lastModified": 1766902085, "narHash": "sha256-coBu0ONtFzlwwVBzmjacUQwj3G+lybcZ1oeNSQkgC0M=", @@ -376,13 +428,14 @@ "root": { "inputs": { "agenix": "agenix", + "deploy-rs": "deploy-rs", "disko": "disko", "home-manager": "home-manager_2", "mailserver": "mailserver", "mozilla": "mozilla", "nix-flatpak": "nix-flatpak", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "nixpkgs-stable": "nixpkgs-stable", "nixpkgs-unstable": "nixpkgs-unstable", "pin-factorio": "pin-factorio", @@ -404,17 +457,50 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "utils": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "zen-browser": { "inputs": { "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1767568852, - "narHash": "sha256-6s8hL3YX9zAq2T7qvcwwzaEVwc9MEYbW+C2LcAAQfbk=", + "lastModified": 1768183082, + "narHash": "sha256-XsiMOsqRLfmUi+24F7adhb/GAM2dMvplzwaW2Wxg/lo=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "350c729b261e6f5529460140a5f0943dd4c5e156", + "rev": "cdbc300fd89d503a95d1c8564de31a93d7b0a0ae", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 588f7ae..97887e4 100644 --- a/flake.nix +++ b/flake.nix @@ -28,12 +28,14 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + deploy-rs.url = "github:serokell/deploy-rs"; + # Pins # Factorio 2.0.72 pin-factorio.url = "github:NixOS/nixpkgs?rev=c5ae371f1a6a7fd27823bc500d9390b38c05fa55"; }; - outputs = { self, nixpkgs, mailserver, ... }@inputs: { + outputs = { self, nixpkgs, mailserver, deploy-rs, ... }@inputs: { nixosConfigurations = { # Framework Computer piaf = nixpkgs.lib.nixosSystem { @@ -53,15 +55,40 @@ }; # Desktop ISO - triforce = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = inputs; - modules = [ ./hosts/triforce ]; - }; + # triforce = nixpkgs.lib.nixosSystem { + # system = "x86_64-linux"; + # specialArgs = inputs; + # modules = [ ./hosts/triforce ]; + # }; }; packages."x86_64-linux" = { - desktop-iso = self.nixosConfigurations.desktop-iso.config.system.build.isoImage; + # desktop-iso = self.nixosConfigurations.desktop-iso.config.system.build.isoImage; }; + + deploy = { + interactiveSudo = true; + autoRollback = true; + magicRollback = true; + + nodes = { + zora = { + hostname = "zora"; + profilesOrder = [ "system" ]; + # fastConnection = true; + + profiles = { + system = { + sshUser = "lyes"; + user = "root"; + remoteBuild = true; + path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.zora; + }; + }; + }; + }; + }; + + checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; }; } diff --git a/hosts/piaf/hardware.nix b/hosts/piaf/hardware.nix index 8b0c5b3..f5c507d 100644 --- a/hosts/piaf/hardware.nix +++ b/hosts/piaf/hardware.nix @@ -8,7 +8,7 @@ boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.configurationLimit = 10; # boot.loader.efi.canTouchEfiVariables = true; - # boot.kernelParams = [ "quiet" ]; + boot.kernelParams = [ "amdgpu.abmlevel=0" "amdgpu.sg_display=0" "amdgpu.dcdebugmask=0x410" ]; boot.initrd.systemd = { enable = true; # network.enable = true; diff --git a/hosts/zora/default.nix b/hosts/zora/default.nix index ab4f7f5..092e43e 100644 --- a/hosts/zora/default.nix +++ b/hosts/zora/default.nix @@ -16,16 +16,17 @@ ../../modules ../../modules/server - ../../modules/server/link - ../../modules/server/taf - ../../modules/server/giovanni ../../modules/server/baba - ../../modules/server/nayru - ../../modules/server/kalif - ../../modules/server/maistro - ../../modules/server/mikau ../../modules/server/biggoron ../../modules/server/biggoron/runner.nix + ../../modules/server/giovanni + ../../modules/server/kalif + ../../modules/server/link + ../../modules/server/maistro + ../../modules/server/mikau + ../../modules/server/nayru + ../../modules/server/taf + ../../modules/server/tetra # disko.nixosModules.disko agenix.nixosModules.default diff --git a/hosts/zora/reverse-proxy.nix b/hosts/zora/reverse-proxy.nix index 320340a..56dae9b 100644 --- a/hosts/zora/reverse-proxy.nix +++ b/hosts/zora/reverse-proxy.nix @@ -59,17 +59,6 @@ ''; locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; }; - - # 9980 - "collabora.lyes.eu" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://localhost:${toString config.services.collabora-online.port}"; - proxyWebsockets = true; # collabora a besoin des websockets - }; - }; - # 8096 "media.lyes.eu" = { forceSSL = true; @@ -90,6 +79,22 @@ }; }; }; + # 44304 + "torrent.lyes.eu" = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://localhost:${toString config.services.qbittorrent.webuiPort}"; + }; + + # 9980 + "collabora.lyes.eu" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:${toString config.services.collabora-online.port}"; + proxyWebsockets = true; # collabora a besoin des websockets + }; + }; }; }; } diff --git a/modules/server/README.md b/modules/server/README.md index c28e232..e2b3bf9 100644 --- a/modules/server/README.md +++ b/modules/server/README.md @@ -8,3 +8,4 @@ - `mikau` : Jellyfin (`media.lyes.eu`) - `nayru` : Komga/Manga (`manga.lyes.eu`) - `taf` : Mail (`taf.lyes.eu`/`mail.lyes.eu`) +- `tetra` : Torrent (`torrent.lyes.eu`) diff --git a/modules/server/link/default.nix b/modules/server/link/default.nix index e674df9..a76f5e3 100644 --- a/modules/server/link/default.nix +++ b/modules/server/link/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, ... }: let hostname = "auth.${config.networking.domain}"; diff --git a/modules/server/tetra/default.nix b/modules/server/tetra/default.nix new file mode 100644 index 0000000..0021264 --- /dev/null +++ b/modules/server/tetra/default.nix @@ -0,0 +1,46 @@ +{ ... }: + +{ + services.qbittorrent = { + enable = false; + user = "qbittorrent"; + group = "media"; + + webuiPort = 44303; + + serverConfig = { + LegalNotice.Accepted = true; + General.Locale = "fr"; + BitTorrent = { + Session = { + DefaultSavePath = "/var/data/media/torrent/"; + AnonymousModeEnabled=true; + GlobalDLSpeedLimit=1250; + GlobalUPSpeedLimit=125; + AlternativeGlobalDLSpeedLimit=2500; + AlternativeGlobalUPSpeedLimit=125; + # BandwidthSchedulerEnabled=true; + UseAlternativeGlobalSpeedLimit=false; + QueueingSystemEnabled=true; + MaxActiveDownloads = 7; + MaxActiveTorrents = 7; + MaxActiveUploads = 3; + GlobalMaxSeedingMinutes=1440; + }; + }; + Preferences = { + WebUI = { + Username = "lyes"; + Password_PBKDF2 = "@ByteArray(5UU0KdjkWdtIdml1aQVDOQ==:qs0cVTkuQzbHA3EmF9++MK9eJstbx95hIR52amh2PSSgmQxrXavu0oxUZdUMWnaIRKkUuq18o9GV+DMb7T99NA==)"; + AuthSubnetWhitelistEnabled = true; + # AuthSubnetWhitelist = "192.168.2.2/32"; + StatusbarExternalIPDisplayed = true; + }; + }; + }; + }; + + # users.users.qbittorrent.extraGroups = [ "media" ]; + users.users.qbittorrent.isSystemUser = true; + users.users.qbittorrent.group = "media"; +} diff --git a/users/lyes/common/packages.nix b/users/lyes/common/packages.nix index e054dc1..55efe1a 100644 --- a/users/lyes/common/packages.nix +++ b/users/lyes/common/packages.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, deploy-rs, ... }: { # Packages @@ -9,5 +9,8 @@ sl jq pass + + # NixOS-related + deploy-rs.packages."${stdenv.hostPlatform.system}".default ]; }